The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Even something as simple as telling them to enter the number 5 into a text box is extremely effective against a bot which has not been set up to specifically defeat your touring test. Most bots just crawl the net and try to post stuff, without any intelligence or assistance from a human. Such a simple test will still completely stop these.

But...if someone feels that your website is valuable enough for them to spend some time specifically tuning thier bot(or writing one from scratch) to defeat your test, they're going to obviously have a very easy time with the simple captcha. Decoding a strong image is not so simple to automate, even with the assistance of a human tuning it, although image reading programs are starting to become pretty good at it. Adding noise to the image makes it more difficult for a program to read.

So basically what I'm trying to say is that the desirability of posting to your website will determine how difficult you need to make it for them to automate. Making it more difficult will discourage people from making a focus of your site due to the increased time and effort required of them to make it happen.

If you want to make your own difficult CAPTCHA image, make sure the outlines of the text, from your point of view, are not easily discernible from the rest of the background. Adding random noise won't cut it. Even if the noise is a random distribution of discrete white/black pixels, the text will be a solid color, and just thinking about it makes it obvious that writing a program to discern the solid parts of the image would be easy (if even if you don't know how to do it yourself).

When you design your CAPTCHA, think about the question: if I threw this image into a graphics editor, would it be possible to break down the image and isolate the actual characters? If you go through a lot of custom-designed CAPTCHA images, you will find many of them failing this test.

Although in theory, you most likely do not need a difficult text-based captcha, because they are generally harder to read for humans too.

Well, I suppose the Microsoft, Yahoo, Google ones are good examples. They rely on deformed shapes moreso though. Unfortunately, they have been broken on several occasions (though not with > 80% accuracy, I don't think), but there are also hundreds of people trying to break those.

I think http://recaptcha.net/ is your best option. You won't need to fear about breaking CAPTCHAs with your site, so bothering with some complex CAPTCHA isn't really needed.

I think http://recaptcha.net/ is your best option. You won't need to fear about breaking CAPTCHAs with your site, so bothering with some complex CAPTCHA isn't really needed.

I've seen those before on random websites, but I didn't know it was a service webmasters could utilize. that's cool. I implemented a "securimage" PHP+GD captcha method for one of my clients, it uses gd to make letters (in a non standard font, which may be key to a good solid start) and uses random noise in the same color as the letters here and there which sometimes deform the letters. but anyhow, I understand what you mean and agree with most points.